VB2019 presentation: Attor: spy platform with curious GSM fingerprinting

Attor is a newly discovered cyber-espionage platform, use of which dates back to at least 2014 and which focuses on diplomatic missions and governmental institutions. The modular malware searches specifically for TrueCrypt‑protected hard drives and the processes of specific VPN applications, suggesting a special interest in security-focused users. The most notable plug-in is one that is able to detect connected GSM/GPRS modems or mobile devices, allowing Attor to speak to them directly using the AT command set.

Details of Attor were presented at VB2019 in London by ESET researcher Zuzana Hromcová. Shortly after her presentation, ESET also published a white paper containing many technical details.

Today we release the recording of Zuzana’s presentation.



Have you carried out research that furthers our understanding of the threat landscape? Have you discovered a technique that helps in the analysis of malware? The Call for Papers for VB2020 in Dublin is open! Submit your abstract before 15 March for a chance to make it onto the programme of one of the most international threat intelligence conferences.